Exploit-DB
|
a44e138f78
|
DB: 2024-04-03
28 changes to exploits/shellcodes/ghdb
Casdoor < v1.331.0 - '/api/set-password' CSRF
GL-iNet MT6000 4.5.5 - Arbitrary File Download
Axigen < 10.5.7 - Persistent Cross-Site Scripting
Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
CE Phoenix v1.0.8.20 - Remote Code Execution
Daily Habit Tracker 1.0 - Broken Access Control
Daily Habit Tracker 1.0 - SQL Injection
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
Elementor Website Builder < 3.12.2 - Admin+ SQLi
Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection
Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login)
FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
Gibbon LMS v26.0.00 - SSTI vulnerability
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
OpenCart Core 4.0.2.3 - 'search' SQLi
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal
Smart School 6.4.1 - SQL Injection
Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
ASUS Control Center Express 01.06.15 - Unquoted Service Path
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
|
2024-04-03 00:16:27 +00:00 |
|
Exploit-DB
|
60a90afc8d
|
DB: 2024-03-11
7 changes to exploits/shellcodes/ghdb
Ladder v0.0.21 - Server-side request forgery (SSRF)
TP-Link TL-WR740N - Buffer Overflow 'DOS'
Numbas < v7.3 - Remote Code Execution
Akaunting < 3.1.3 - RCE
DataCube3 v1.0 - Unrestricted file upload 'RCE'
Hide My WP < 6.2.9 - Unauthenticated SQLi
|
2024-03-11 00:16:24 +00:00 |
|
Exploit-DB
|
f3649a641f
|
DB: 2023-10-10
24 changes to exploits/shellcodes/ghdb
Minio 2022-07-29T19-40-48Z - Path traversal
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service
Atcom 2.7.x.x - Authenticated Command Injection
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction
OpenPLC WebServer 3 - Denial of Service
Splunk 9.0.5 - admin account take over
BoidCMS v2.0.0 - authenticated file upload vulnerability
Cacti 1.2.24 - Authenticated command injection when using SNMP options
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
Clcknshop 1.0.0 - SQL Injection
Coppermine Gallery 1.6.25 - RCE
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
GLPI GZIP(Py3) 9.4.5 - RCE
Limo Booking Software v1.0 - CORS
Media Library Assistant Wordpress Plugin - RCE and LFI
Online ID Generator 1.0 - Remote Code Execution (RCE)
Shuttle-Booking-Software v1.0 - Multiple-SQLi
Webedition CMS v2.9.8.8 - Blind SSRF
WEBIGniter v28.7.23 File Upload - Remote Code Execution
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
Wordpress Sonaar Music Plugin 4.7 - Stored XSS
Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
|
2023-10-10 00:16:32 +00:00 |
|
Exploit-DB
|
cb5c64da21
|
DB: 2023-06-01
13 changes to exploits/shellcodes/ghdb
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
Pydio Cells 4.1.2 - Server-Side Request Forgery
Pydio Cells 4.1.2 - Unauthorised Role Assignments
Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
Faculty Evaluation System 1.0 - Unauthenticated File Upload
Online Security Guards Hiring System 1.0 - Reflected XSS
Online shopping system advanced 1.0 - Multiple Vulnerabilities
Rukovoditel 3.3.1 - CSV injection
SCRMS 2023-05-27 1.0 - Multiple SQL Injection
Service Provider Management System v1.0 - SQL Injection
Ulicms-2023.1-sniffing-vicuna - Privilege escalation
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
|
2023-06-01 00:16:25 +00:00 |
|
Exploit-DB
|
d46ab98863
|
DB: 2023-04-06
32 changes to exploits/shellcodes/ghdb
Answerdev 1.0.3 - Account Takeover
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow
ERPNext 12.29 - Cross-Site Scripting (XSS)
Liferay Portal 6.2.5 - Insecure Permissions
GNU screen v4.9.0 - Privilege Escalation
Apache Tomcat 10.1 - Denial Of Service
PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)
BTCPay Server v1.7.4 - HTML Injection.
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
ImageMagick 7.1.0-49 - DoS
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
ImageMagick 7.1.0-49 - Arbitrary File Read
itech TrainSmart r1044 - SQL injection
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
PhotoShow 3.0 - Remote Code Execution
projectSend r1605 - Remote Code Exectution RCE
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
zstore 6.6.0 - Cross-Site Scripting (XSS)
Binwalk v2.3.2 - Remote Command Execution (RCE)
XWorm Trojan 2.1 - Null Pointer Derefernce DoS
Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)
Linux/x86_64 - bash Shellcode with xor encoding
|
2023-04-06 00:16:31 +00:00 |
|